Enabling SSH on Ubuntu is a fundamental task for any system administrator or developer managing remote servers. Secure Shell provides a robust and encrypted method to access and manage your Ubuntu machine from anywhere in the world. This guide walks you through the process, ensuring your setup is both secure and efficient.
Understanding the SSH Service
SSH, or Secure Shell, is a network protocol that allows secure communication between two networked devices. On Ubuntu, the OpenSSH server package, `openssh-server`, is not installed by default on minimal server installations. You must actively enable and configure it. The primary configuration file dictates how the daemon behaves, including port numbers and authentication methods.
Installation and Initial Setup
Getting started is straightforward thanks to Ubuntu's Advanced Package Tool. Before you install the server component, it is good practice to update your local package index. This ensures you are installing the latest available version with the most recent security patches.
Installing the OpenSSH Server
Run the following commands in your terminal. The first command updates the package list, and the second installs the SSH server daemon.
sudo apt update
sudo apt install openssh-server
The system will prompt you to confirm the installation. Type `Y` and press Enter. The service will start automatically upon completion.
Verifying the Service Status
Once installed, you should verify that the SSH daemon is running correctly. This ensures that the service is active and listening for incoming connections on the default port.
Checking Active Status
Use the `systemctl` command to check the current state of the service. A status of "active (running)" confirms that everything is working as expected.
sudo systemctl status ssh
If the service is inactive, you can start it manually using sudo systemctl start ssh .
Configuring the Firewall
Ubuntu comes with a built-in firewall called `ufw`. If you have enabled it, you must create a rule to allow incoming traffic on port 22. Without this step, remote connections will be blocked, even if the SSH daemon is running.
Allowing SSH Traffic
Apply the rule to allow the default SSH port. You can then verify that the rule is active by listing the current ruleset.
sudo ufw allow ssh
sudo ufw status
If you are working on a cloud platform, ensure the security group or network ACL associated with your instance also allows inbound traffic on port 22.
Security Hardening Best Practices
Leaving SSH on the default port with password authentication enabled is a security risk. You should harden your configuration to mitigate brute-force attacks. Consider changing the default port and disabling root login entirely.
Modifying sshd_config
Edit the main configuration file using your preferred text editor. Changes like disabling password authentication and using key-based login significantly increase your server's security.
